PortugueseNews
Hard drive missing from Ky. Hospital
May 03, 2010Howard Anderson, Managing Editor
HealthcareInfoSecurity.com
The Medical Center at Bowling Green is notifying 5,418 patients of a breach resulting from the theft of an unencrypted portable hard
drive stored in a locked area.
On April 1, the Kentucky hospital discovered that the device had been stolen from its mammography suite.
The hard drive contained information on patients who underwent bone density testing between 1997 and 2009. Information included name, date
of birth, address, medical record number and physician name. For some patients, Social Security numbers and certain health information also
was included.
The hospital notified local police as well as federal regulators as required by the HITECH Act's breach notification rule. In its letter
to patients, it advised them to monitor credit and bank accounts and obtain a credit report.
As a result of the incident, the hospital
said, "We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was
stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing
non-encrypted data."